Splunk Search

Community Activity

Why are my events not in time order? We just upgraded our Splunk server to version 7.0. I created a query that has a time range Between 05/19/2018 04:28:0... by iqtroy New Member in Splunk Search 11-21-2018 0 5	0	5
Search returning duplicated/wrong results after upgrading to 7.1 For some reason, after upgrading Splunk to 7.1 some searches no longer return the results for certain days; instead o... by jmangs Explorer in Splunk Search 11-21-2018 3 8	3	8
Field name getting reflected in the same field value While listing out the values of a field in a table, the name of the field is getting listed in the field values. does... by qbolbk59 Path Finder in Splunk Search 11-21-2018 0 6	0	6
Filter consumed event types and/or collect start date? Hi, Is it possible to configure this app to only collect logs from a particular start date as opposed to all histori... by snort80 Explorer in Splunk Search 11-21-2018 0 0	0	0
Create data table conditinally My logs are below content : Export of US successfully transferred to FR Import successfully ended on US from export ... by dhirendra761 Contributor in Splunk Search 11-21-2018 0 1	0	1
How do I rename a hostname in Splunk? Hi, How do I rename hostname in Splunk? I am trying to enroll a particular syslog in Splunk. I want to rename a host... by dbashyam Explorer in Splunk Search 11-21-2018 0 3	0	3
Sorting the data values in a stacked timechart How do I order the horizontal slices in a stacked timechart by value? The working search string looks like this: ti... by adrianblakey New Member in Splunk Search 11-21-2018 0 1	0	1
How do you rename count of field values conditionally? Hi, I have below data in below format using stats count command Date - FR GE SP UK NULL 16/11/18 ... by dhirendra761 Contributor in Splunk Search 11-20-2018 0 4	0	4
How do I combine multiple rex commands into a single one? Hello, I am working with some unstructured data so I'm using the rex command to get some fields out of it. I need th... by andrewtrobec Motivator in Splunk Search 11-20-2018 0 5	0	5
Can you help me build a regex that extracts an IP Address from a log message? How do I extract an IP address from a log message using regex? All the four octets need to be pulled at a time, rex... by gokikrishnan198 New Member in Splunk Search 11-20-2018 0 3	0	3
How do you make a search that returns hosts that haven't checked in to an external source within a certain time frame? Hello All, I am relatively new to Splunk and need some help on this search query. I have hosts that are required to ... by jj39501 New Member in Splunk Search 11-20-2018 0 7	0	7
Could I save the predicted value after using ML model? As title, I am using Splunk Machine Learning Toolkit now. I'm confused about whether I could save the result of predi... by rickyhsu7 Explorer in Splunk Search 11-20-2018 1 6	1	6
How to search a query and a lookup file with common columns? ][1] So, I would like to run my query below(which would return IP Addresses) and match the results to the input fil... by mmercola New Member in Splunk Search 11-20-2018 0 3	0	3
How can I perform math calculations within my XML dashboard? I would like to use a drilldown token created from clicking a bar on a timechart and add 1800 to the value and use it... by jonx10000 New Member in Splunk Search 11-20-2018 0 3	0	3
Return message based on what is NOT showing in Subsearch I have a subsearch returning all files imported per client as the value "Client_File". It's value will look like ABC_... by griffinpair Path Finder in Splunk Search 11-20-2018 0 0	0	0
Lookup command - multiple input fields Hi, is it possible to use more than one input field within a lookup command? The lookuptable looks like this: User... by HeinzWaescher Motivator in Splunk Search 11-20-2018 4 10	4	10
Multiple sums in stats query Hi! I'm attempting to take an existing query and update it to do the following: For the last 24 hours, sum and lis... by rwalker1072 New Member in Splunk Search 11-20-2018 0 8	0	8
DB Connect Temporal Lookup - does it exist? Hi. I am trying to figure out how to put together a time based lookup using the DBX conduit, connected to a radius... by newbernd New Member in Splunk Search 11-20-2018 0 0	0	0
How do you use the streamstats command after tstats and stats? Hi, Thanks upfront for your time. I need to aggregate some information with the tstats command and make a weekly com... by akocak Contributor in Splunk Search 11-20-2018 0 2	0	2
How to avoid separation lines in email inline tables? After we upgraded from version 6.3.X to 6.6.11 we see that inline tables in emails appear with a separation line betw... by langhorn Explorer in Splunk Search 11-19-2018 0 4	0	4
stats count() as by host VERSUS stats count(kpi1) as kpi1 ... by host. I ultimately want to understand the difference between these 2 searches and why I get different results? stats count... by HattrickNZ Motivator in Splunk Search 11-19-2018 0 1	0	1
Whats the difference between the machine learning toolkit>forecast and the predict command you can run at searchtime? Whats the difference between the machine learning toolkit>forecast and the predict command you can run at searchtime? by tb5821 Communicator in Splunk Search 11-19-2018 0 4	0	4
How do you merge events on common field values? Basically I have two fields, index and sourcetypes. Index: Sourcetype: index1 sourcetypeA index2 ... by alanzchan Path Finder in Splunk Search 11-19-2018 0 1	0	1
Can you help me build a regex that isolates and removes a single character in a field? Hello, I need some help with removing a specific character from a field. I have a field we'll call A. In it is typ... by newill New Member in Splunk Search 11-19-2018 0 2	0	2
What is the difference between Hunk and Hadoop Connect? I want to monitor Hadoop Usage, and Cloudera manager is not that useful. I wanted to know what is the difference betw... by shreyasathavale Communicator in Splunk Search 11-19-2018 0 1	0	1